A dev recently discovered a browser built into the settings (for any google app that lets you edit settings). From there you can bypass parental controls or enterprise restrictions.

This is a pretty exciting “extra feature”, Google!

  • sibloure@beehaw.org
    link
    fedilink
    arrow-up
    63
    ·
    2 years ago

    This is kinda funny. During a family vacation as a kid, I went down to the hotel business center to use a computer kiosk but it required payment. I was bored so I was clicking around on the locked screen’s hotel logo and got to their company about page, and a bit more link clicking eventually got me out of the company’s website and to a google search page. I browsed for free for what seemed like an hour and did it again the next day before we went home.

    • variants_of_concern@lemmy.one
      link
      fedilink
      arrow-up
      21
      ·
      2 years ago

      boredom has made me the man I am today, its tough now a days to get bored and not pull out your phone and browse lemmy instead of doing your hobbies

        • Nepenthe@kbin.social
          link
          fedilink
          arrow-up
          6
          ·
          edit-2
          2 years ago

          Oh, yeah. Anyone who complains they don’t have any hobbies actually does have a hobby, because I’m quite sure they’re not spending that time staring blankly into space. It just happens to be something like TV or scrolling a lot, and if I don’t do that I get bored enough to read, draw, etc fairly quickly. Turns out I don’t draw like I used to as a kid because I’m not bored in class.

          My only current downfall is it’s REALLY hard for me to take a walk without music like I used to now that I have access to traveling entertainment for the first time. It’s healthier to be able to sit with yourself in boredom and distress because it forces you to process your thoughts, but it’s not fun and we don’t have to do the un-fun work thing now, and that’s probably damaging psychologically

    • Troy@lemmy.ca
      link
      fedilink
      arrow-up
      8
      ·
      2 years ago

      I have a memory of something similar at a travel tourism kiosk. Kiosk was locked to their webpage. Right clicked an image, chose “save as”, navigated to something with a folder, right clicked and chose “Open in New Window” (might be misrembering – older version of windows) to pop up Windows Explorer. Windows Explorer, at the time, embedded Internet Explorer 4 if you typed a URL in the address bar, so off the races I was.

      Life before smartphones, man.

      • spunker88@kbin.social
        link
        fedilink
        arrow-up
        7
        ·
        2 years ago

        The older versions of IE back in the Windows 9X era would essentially turn into Windows Explorer if you put a local file path into them. I remember using this exploit back in the day on our school computers that ran a locked down version of Windows where you couldn’t browse anything in Windows Explorer beyond your personal network folder. I found that by typing C:/ into the IE address bar it would turn IE into Windows Explorer mode and from there I had full access to the C drive and could even open up the folder tree sidebar thing and browse the local network, finding all sorts of folders that I wasn’t supposed to be able to access.

      • sibloure@beehaw.org
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Haha, yes! Sounds about right. Someone could create a puzzle game where you trying to escape a vendor kiosk and it gets progressively more complex as you go on.

  • TWeaK@lemm.ee
    link
    fedilink
    arrow-up
    23
    ·
    2 years ago

    This isn’t a secret browser, it’s Android System Webview - the system browser apps use when they aren’t a browser.

    What they’ve found here is a route to google.com from a webview page accessed from within the settings.

    • wet_lettuce@beehaw.orgOP
      link
      fedilink
      arrow-up
      6
      ·
      2 years ago

      100% but I believe these are typically locked down to one domain, and in this case its not.

      At least thats how I understand it. So I guess the article is a little misleading in that sense, but the net effect is the same. You have carte blanche access to the web, via android system webview, thats acting as a de-facto out-of-band browser. So its misconfigured or not locked down, which means you can use it effectively as a “hidden” browser.

      • TWeaK@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        2 years ago

        ASW isn’t locked down to any domains though, it’s just a basic browser, one that typically doesn’t let you type in a url to go to any other domains. It’s not locked down, you’re just limited in how you can navigate.

        What happened here is someone managed to navigate from one page to another page and then another, in order to ultimately get to google.com and search for whatever page they wanted. The initial web pages presented linked outside of what it maybe should have.

        Whether ASW should be under parental controls is another matter. Apparently it isn’t (at least not parental controls that affect only installed browser apps) but that could have valid functional reasons behind it.

    • sznio@beehaw.org
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      2 years ago

      I think the mm object is the most worrying thing about this, not the fact that it’s a standard WebView.

  • MyMulligan@lemmy.one
    link
    fedilink
    arrow-up
    11
    ·
    2 years ago

    Curious if someone in an abusive relationship could use this trick if their phone was being monitored. If the abuser was just monitoring them with the phone’s parental controls this would work but if there was an app probably not?

    • Moonrise2473@feddit.it
      link
      fedilink
      arrow-up
      2
      ·
      2 years ago

      the was a news here on lemmy where someone got in prison because the local county has put some malware in the phone. It logged a single request to Pornhub, so the guy bail was revoked

      • conciselyverbose@kbin.social
        link
        fedilink
        arrow-up
        3
        ·
        2 years ago

        Not his phone. There are circumstances where that would be defensible.

        They put their malware on his wife and kids’ phones.

    • Troy@lemmy.ca
      link
      fedilink
      arrow-up
      1
      ·
      2 years ago

      Unfortunately, it’s hard to discover this trick on its own, unless you’re already clever enough to find other ways around it.

  • CanadaPlus@lemmy.sdf.org
    link
    fedilink
    arrow-up
    6
    ·
    2 years ago

    Lol, sort of confession time. I was writing an essay for a major exam once, and I tried using Word’s built-in search function just to see if it would work. It did, and nobody was the wiser.

    I didn’t actually cheat; I didn’t need to. But, I felt proud for figuring out a way I could have, haha.